E. Remarks 



Status of the Claims 

Claims 1 - 35 are pending. Claims 1 , 2, 8, 1 2, 1 4, 1 7, 1 8, 2 1 , 25 - 27, 30, and 
33 - 35 have been amended. 

Drawing Objections 

The drawing Figure 1 2b was objected to due to the presence of a duplicate reference 
numeral "386". The figure has been amended to change the first occurrence to "366" 
consistent with the ordering of the surrounding numerals and, further, with the plainly evident 
substance of the specification at HI 1 5. Withdrawal of the objection is respectfully requested. 

Specification Objections 

The specification, at 1184, has been amended to correct the clerical error resulting in 
the mis-identification of the file system element by the numeral "36". The numeral has been 
amended to "34" to be consistent with other references to the file system element in the 
specification. 

The specification at 1150 has been amended to qualify the identification of the "Intel® 
E7500 chipset 52" to read as the "Intel® E7500 system control hub chipset 52" merely for 
purposes of clarity. The "Intel® E7500 chipset" is well-understood by those of skill in the art 
to be a system control hub. Further, the mutual identification by the reference numeral 52 
in the specification and drawings as originally filed makes clear the correspondence between 
the "system control hub" and "chipset 52". Accordingly, no new matter has been added by 
this amendment. 

An objection is made to the use of the reference label "Auth File System" for the 
element 34 in Figure 5 in contrast to the use of the phrase "modified file system 34" in the 
specification at 1145. The reference numeral 34 is associated with the "file system" element, 
which is clearly described in the specification as "modified" to provide for the "selective 
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authentication processing of file system requests directed to the network storage resources 
16, including through network servers 26" (ennphasis added). No ambiguity can be 
discerned under any reasonable reading of the relevant sentence in 1145. The reason for the 
objection is therefore unclear. Clarification is respectfully requested. 

An objection is made to the use of the reference numeral "180" with both "a policy 
parser" and "the policy parser." The articles "a" and "the/' under any reasonable 
grammatical construction, cannot be the source of any ambiguity in the specification 
regarding the element identified as the "policy parser 1 80." The reason for the objection is 
therefore unclear. Clarification is respectfully requested. 

The specification at HI 15 has been amended to change the first occurrence of the 
reference numeral "386" to "366". The substance of the specification, at the point of the 
amendment, makes clear the association of the process step described (" compliance failures 
being reported") with the process step shown in Figure 12b ("Report Policy Failures"). 
Accordingly, no new matter has been added by this amendment. 

Applicants respectfully request withdrawal of the objections directed to the 
specification. 

Claim Objections 

Claim 1 2 stands rejected as having insufficient antecedent basis for the claim phrase 
"the generation of a modified file request." Given that the reason for the asserted lack of 
antecedent basis is not given in the Action, Applicants' are left to guess that the concern is 
with use of the article "the" in the phrase "said network appliance enables the generation 
of a modified file request." However, the article is not directly identifying an element of the 
claim and therefore does not imply prior basis. For clarity. Claim 1 2 has been amended to 
simply remove the article. If Applicants have misapprehended the nature of the objection, 
clarification is requested. 
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Claim 27 has been amended to provide proper antecedent basis for the '' said 
specification of said predetermined file operation request/' 

In view of the amendments made, Applicants respectfully request withdrawal of the 
objections made to the claims. 

Double Patenting Rejection 

A terminal disclaimer complying with the requirements of 37 C.F.R. §1 .321© is filed 
herewith. Accordingly, reconsideration of the non-statutory double patenting rejection is 
respectfully requested. 

Rejections under 35 U.S.C. §102: 

Claims 1 - 35 stand rejected as anticipated by Graham (US Publication 
2002/0178271). 

In order to establish a rejection under 35 U.S.C. §102, all elements of a claim must 
be identically found in a prior art reference. See, M.P.E.P. §706.02 (For anticipation under 
35 U.S.C. 102, the reference must teach every aspect of the claimed invention either 
explicitly or impliedly. Any feature not directly taught must be inherently present) (emphasis 
added); M.P.E.P. §2112 (In relying upon the theory of inherency, the Examiner must provide 
a basis in fact and/or technical reasoning to reasonably support the determination that the 
allegedly inherent characteristic necessarily flows from the teachings of the applied prior art. 
Ex parte Levy . 1 7 USPQ2d 1 46 1 , 1 464 (Bd. Pat. App. & Inter. 1 990) (emphasis in original); 
M.P.E.P. §2131. 

The essential nature of anticipatory identity requires that the function of the elements 
and their interconnections not just be colorably similar, but identical in all aspects (emphasis 
added). See, Richardson v. Suzuki Motor Co. . 868 F.2d 1226, 1236, 9 USPQ2d 1913, 
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1920 (Fed. Cir. 1989) (The identical invention must be shown [by the reference] in as 
complete detail as is contained in the ... claim). Clearly, a prior art reference that 
discloses a collection of elements that are assembled differently and that function collectively 
in a different or incomplete way compared to the claimed invention is not an anticipating 
reference. 

Applicants respectfully assert that the claims, particularly as now amended, are not 
anticipated by Graham. 

In summary, Graham teaches a purely unidirectional file-oriented content distribution 
system. The proxy server of Graham is taught as only supporting out-bound data transfer 
requests - the proxy operates as a content file server (1165) and, on the client, only file 
requests are intercepted (11141). Given that Graham only teaches the content distribution 
of "files" - content is specifically selected through a "file browsing process" (1165, HI 39) - the 
minimum identifiable unit of content is at least implicitly taught as being nothing less than 
a file. The HTTP content transfer protocol, a simple file oriented continuous stream transfer 
protocol, is taught by Graham as fully sufficient for implementation of the disclosed proxy 
server and client receiver (11241 , 11242). The content files are stored unencrypted in a NAS- 
dative file-system format (HI 99). Each file, as encrypted, must be delivered for decryption 
in sequence (1121 3), which reflects that each file is encrypted as a single entity. Therefore, 
the reasonably understood teaching of Graham is of a read-only , file at a time only content 
distribution system. 

Claim 1: 

Claim 1, as amended, emphasizes that the claim covers a system capable of 
"bidirectional" transfer of file data. Specifically, the claim requires that a "sub-portion" of 
a "predetermined file," be selected based on a "non-sequential request" made an 
application executed on a client computer system. Further, Claim 1 requires that, where a 
"first sub-portion" is requested by the application, a "second predetermined sub-portion" is 



Attorney Docket No.: AESN3008Conl 

Sbr/aesn/3008conl .004.respl .wpd 



Page 18 



read encrypted from the network dote store. This second sub-portion is qualified as being 
"inclusive of said first predetermined sub-portion/' yet less than the full file, i.e., explicitly a 
"sub-portion." 

Further, the claimed "agent program" includes a "representation of said non- 
sequential request" as part of the authentication data used in determining whether the 
particular "non-sequential request" operation is permitted. Since the non-sequential request 
defines the data transfer direction, consistent with support for bidirectional transfer, the 
claimed selective enabling of the "performance of the non-sequential request" encompasses 
a differential determination based on whether the "non-sequential request" is a read or write 
operation. 

Therefore, Graham, which discloses a read-only , file at a time only content 
distribution system does not identically teach the present invention as set forth in Claim 1 . 
Applicants respectfully assert that Claim 1 is not anticipated by Graham. Reconsideration 
of the rejection of Claim 1 is requested. 

Claims 2-7: 

Claims 2-7 are dependent on Claim 1 and are, therefore, likewise not identically 
taught by Graham. Reconsideration of the rejection of Claims 2 - 7 is respectfully requested. 

Claim 8: 

Claim 8, similar to Claim 1 , also requires a system capable of bidirectional transfer 
of file data between a client computer system and network data store. The claimed "agent 
program" is responsive to a "source file request" that is a "random read/write request 
specifying transfer of a first defined sub-portion of said source file." The claim further 
requires performance of the source file request, as dependent on the authentication data, 
by transferring "from said network data store a second defined sub-portion of said source 
file inclusive of said first defined sub-portion of said source file." Again, the "second defined 
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sub-portion" is less that the whole source file, yet inclusive, i.e., equal to or larger than the 
"first defined sub-portion/' 

Like Claim 1, Claim 8 also includes a "representation" of the request in the 
authentication data. The determination to allow performance of the source file request can 
therefore be dependent on whether the request is a read or write. 

The system set forth in Claim 8 is therefore not identically taught by the read-only, file 
at a time only content distribution system of Graham. Applicants therefore respectfully assert 
that Claim 8 is not anticipated by Graham. Reconsideration of the rejection of Claim 8 is 
requested. 

Claims 9-16: 

Claims 9-16 are dependent on Claim 8 and are, for at least the reasons given in 
regard to Claim 8, not anticipated by Graham. Reconsideration of the rejection of Claims 
9 - 16 is respectfully requested. 

Claim 17: 

Claim 1 7 specifies a method of securely reading and writing back a modified portion 
of a data file to a file data store. A "first program" intercepts a "data transfer request" that 
"specifies transfer of a first sub-portion of said data file" where the data transfer request is 
provided by a second application and directed to a "client accessible file data store." The 
step of "second processing" provides for "retrieving a second sub-portion of the data file" 
and then decrypting, modifying and re-encrypting the second sub-portion. The second sub- 
portion is then transferred back to the "data store for incorporation into said data file." 

In contrast, the Graham system operates only as a read-only , file at a time only 
content distribution system. The secure bidirectional, sub-file portion capable data transfer 
system defined by the method of Claim 1 7 is not identically taught by Graham. Applicants 
therefore respectfully assert that Claim 1 7 is not anticipated by Graham. Reconsideration 
of the rejection of Claim 1 7 is requested. 
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Claims 18-24; 

Claims 18-24 are dependent on Claim 17. For at least the same reasons given 
above in regard to Claim 17, Applicants respectfully assert that Claims 18-24 are not 
identically taught and, therefore, not anticipated by Graham. Reconsideration of the 
rejection of Claims 18-24 is requested. 

Claim 25: 

Claim 25 defines a method of securely transferring bidirectionally portions of files 
stored on a remote filesystem relative to a client computer system. Relative to a "file" stored 
encrypted on the remote filesystem, the authentication data is required to include a 
"representation of said predetermined file operation request" from which a "write operation 
permission" is considered in determining whether to "allow modification of said file as stored 
encrypted in said filesystem." 

Claim 25 further requires the step of 

d) transferring predetermined encrypted blocks of file data 
representing a sub-portion of said file in response to said 
predetermined file operation request through a network 
connection where said predetermined encrypted blocks of file 
data are decrypted, modified, encrypted, and returned through 
said network connection for storage as part of said file. 

Graham, however, teaches only a read-only , file at a time only distribution of content. 
Graham therefore does not identically teach the method steps set forth in Claim 25. 
Accordingly, Applicants respectfully assert that Claim 25 is not anticipated by Graham. 
Reconsideration of the rejection of Claim 25 is requested. 

Claims 26-29: 

Claims 26 - 29 are dependent on and define further process limitations relative to 
Claim 25. For at least the same reasons given regarding Claim 25, Applicants respectfully 
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assert that Claims 26 - 29 are not identically taught and, therefore, are not anticipated by 
Graham. Reconsideration of the rejection of Claims 26 - 29 is respectfully requested. 

Claim 30: 

Claim 30 explicitly defines a system where "an identified data file [is] stored 
encrypted" and remote, relative to a security appliance, and that can be accessed in 
response to "a random read/write file data transfer operation." The claimed "processor" is 
operative to: 

. . . selectively enable said random read/write file data transfer 
operation ... to transfer an encrypted sub-portion of said 
identified data file through a network connection for remote 
decryption, modification and return through said network 
connection for storage as part of said identified data file. 

The "access request message" identifies the specific requested file operation. The 
"policy data store" is used by the processor to determine the "file operation qualifiers" 
applicable to the file identified by the request. These qualifiers are then used to determine 
whether the processor will "selectively enable said random read/write file data transfer 
operation." The "file operation qualifiers" therefore encompass a determination of whether 
either a read or write operation is permitted. 

Again, Graham only teaches a read-only , file at a time only content distribution 
system. Graham clearly does not identically teach the system set forth in Claim 30. 
Applicants therefore respectfully assert that Claim 30 is not anticipated by Graham. 
Reconsideration of Claim 30 is requested. 

Claims 31 - 35: 

Claims 3 1 - 35, which are dependent on Claim 30, are not identically shown for the 
same reasons established above in regard to Claim 30. Applicants respectfully assert that 
Claims 31-35 are therefore not anticipated by Graham. Reconsideration of the rejection 
of Claims 31 - 35 is requested. 
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Conclusion: 

In view of the above Amendments and Remarks, Applicants respectfully assert that 
Claims 1 - 35 are now properly in condition for allowance. The Examiner is respectfully 
requested to take action consistent therewith and pass this application on to issuance. The 
Examiner is respectfully requested to contact the Applicants' Attorney, at the telephone 
number provided below, in regard to any matter that the Examiner may identify that might 
be resolved through a teleconference with the Examiner. 



Respectfully submitted, 



Date: 



By: 




NewTechUw 

260 Sheridan Avenue, Suite 208 
Palo Alto, California 94306 
Telephone: 650.325.2100 
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